VxRail: Node Add NIC Configuration Error: SSL: CERTIFICATE_VERIFY_FAILED
Summary: A node add fails on NIC configuration with error: SSL: CERTIFICATE_VERIFY_FAILED
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
While performing a Node Add, we are unable to go pass the NIC Configuration Page.
Error log:
22-04-28T05:33:31.194+0000 ERROR [pool-69-thread-1] com.vce.commons.domainowner.graphq.DefaultQueryExecutorImpl DefaultQueryExecutorImpl.filterOutErrorData:173 - Errors in do-host responsFQDN:9090 ssl:<gevent._ssl3.SSLContext object at 0x7f31e9481278> [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:
852)]","locations":[{"line":1,"column":1542,"sourceName":null}],"description":null,"validationErrorType":null,"queryPath":null,"errorType":null,"path":["configuredHosts","0","hardware","pos
ition","rackName"],"extensions":null}
Curl check:
vxrm # curl --capath /var/lib/vmware-marvin/trust/lin --user root -X GET -H "Content-Type: application/json" -d '{}' https://ServerName.site.lab:9090/rest/ps/private/v1/misc/certservice/certs
Enter host password for user 'root':
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Cause
SSL Handshake between ESXI and VXRM fails.
Resolution
Run the below commands to verify the certificate issue.
Check and update the ESXi certificates using the VMware documentation below:
1. Run the below command to test the ESXi host connection, and capture the entire output:
vxm: # openssl s_client -crl_check_all -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
2. Run the below command to test the ESXi host connection, and capture the entire output:
vxm: # openssl s_client -crl_check -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
3. Run the below command to test the ESXi host connection, and capture the entire output:
vxm: # openssl s_client -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
Example output: Verify return code: 0 (ok) Or, Verify return code: 12 (CRL has expired)
Review the VMware documentation to renew and refresh the ESXi certificates:
- Renew and Refresh ESXi Certificates - View VMware article Renew or Refresh ESXi Certificates
- Run the newest version of cert_util.py in article VxRail: How to manually import vCenter SSL certificate on VxRail Manager
Affected Products
VxRail, VxRail SoftwareArticle Properties
Article Number: 000198975
Article Type: Solution
Last Modified: 05 Sep 2025
Version: 7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.